Enterprise systems have long relied on mobile devices that provide voice on carrier networks and funnel data through enterprise servers, such as BLACKBERRY ENTERPRISE SERVER (BES). BES provides secured communications by controlling user profiles and applications that may be installed on enterprise mobile devices. However, modern enterprise systems allow users to operate unsecured mobile devices with access to enterprise systems. These devices are becoming increasingly popular across all industries despite the limited ways to control or detect malicious activity on these types of mobile devices.
For example, Android smartphones are popular with users of enterprise systems because of their flexible platforms, despite the fact that data from Android smartphones is communicated over carrier networks, rather than being funneled through a BES. Android smartphones can use separate mobile device management software, but typically, users' ability to download applications is not controlled by any BES-like server or service. Consequently, enterprise systems are unable to prevent users from taking malicious actions on these types of mobile devices, or to detect any malicious activity after the fact. Undetectable malicious activity in enterprise systems includes, for example, unintended application installations, and unauthorized users of the mobile devices who are masquerading as authorized users.
Malware in mobile devices is also becoming a significant problem for enterprise and individual users. For example, the amount of Android malware tripled in the second quarter of 2012 compared to the first quarter. See Y. Namestnikov, IT Threat Evolution: Q2 2012, SecureList, available at www.securelist.com/en/analysis/204792239/IT_Threat_Evolution_Q2_2012.
One approach to combat malware on enterprise mobile devices is to install a local virus scanner, much like an administrator would do on enterprise laptop or desktop computers. Mobile virus scanners run as similar privileged applications inside a virtual machine environment of a mobile device. Virus scanners compare installed applications against a known repository of malware signatures. That is, a virus scanner compares applications against a blacklist of known malicious applications. This technique has recognized weaknesses that are exploited by malware distributors. For example, a malicious application that is not in the blacklist is undetectable and could surreptitiously escalate privileges by modifying critical system files and altering mobile device behavior, rendering the virus scanner useless.
Thus, current security mechanisms for enterprise mobile devices can only detect malicious activity that has been previously identified as malicious, such as known malicious applications. Consequently, unknown malicious applications, unauthorized users, or malicious authorized users can readily take actions that potentially leave sensitive data exposed with little recourse for enterprise systems. Moreover, the risk of data loss inherently increases as more sensitive enterprise information becomes accessible over these types of mobile devices.